(LiveHacking.Com) – Spam is a scourge that causes a range of problems for most organizations and therefore needs to be stopped before it reaches users’ mailboxes. Luckily, there are various types of anti-spam filters to suit different organizations; however, it is important to understand that spam detection can be quite tricky. If the configuration is wrong, valuable emails will be incorrectly classified as spam (false positives), or spam will slip through (false negatives). You therefore need to ensure your anti-spam filter is configured to keep false positives as low as possible without letting the false negative rate climb.

So how would one go about configuring spam detection?

In order to have an effective spam detection mechanism, you can use various techniques. Different products might provide a combination of these technologies but it is important to understand what they are in order to be able to configure each one effectively.

1. Bayesian Filtering:

Bayesian spam filtering is an advanced way for a computer to determine whether an email is spam or not. Bayesian filtering is a system that through training can “learn” to distinguish between spam and legitimate emails. It does this through a statistical analysis of what words one expects to find in a legitimate email and not in spam. To do this, Bayesian filters need to be trained using legitimate emails and spam. Some products offer automated updates and allow the customer to do their own training. Having vendors do the training is advantageous due to the wider range of samples that the training is based on. It is hard to gauge the rate of false positives and false negatives this method can cause. The strength of this method is based entirely on the quality of the training and how typical the spam or legitimate email being checked is.
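The following is an added example (not code from the original post or from GFI) of the statistical analysis described above: a small Bayesian filter that learns token probabilities from a constructed training corpus and then scores new text. The corpus, the 0.5 prior for never-seen tokens and the choice of the 15 most decisive tokens are assumptions for illustration; a real deployment trains on thousands of messages, which is why the paragraph notes that vendor-supplied training tends to be stronger.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$%']+")


def tokenize(text):
    """Lower-case word tokens; a set, so each token counts once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesianFilter:
    """Naive Bayesian spam filter in the style of Paul Graham's 'A Plan for Spam'."""

    def __init__(self, prior=0.5, prior_strength=1.0, top_n=15):
        self.spam_counts = Counter()   # number of spam messages containing each token
        self.ham_counts = Counter()    # number of legitimate messages containing each token
        self.n_spam = 0
        self.n_ham = 0
        self.prior = prior             # probability assumed for a never-seen token (assumption)
        self.prior_strength = prior_strength
        self.top_n = top_n

    def train(self, text, is_spam):
        tokens = tokenize(text)
        if is_spam:
            self.spam_counts.update(tokens)
            self.n_spam += 1
        else:
            self.ham_counts.update(tokens)
            self.n_ham += 1

    def token_probability(self, token):
        """P(spam | token), smoothed toward the prior so rare tokens cannot dominate."""
        n = self.spam_counts[token] + self.ham_counts[token]
        if n == 0:
            return self.prior
        s = self.spam_counts[token] / self.n_spam if self.n_spam else 0.0
        h = self.ham_counts[token] / self.n_ham if self.n_ham else 0.0
        p = s / (s + h)
        return (self.prior_strength * self.prior + n * p) / (self.prior_strength + n)

    def score(self, text):
        """Combine the most decisive tokens; 0.0 = certainly ham, 1.0 = certainly spam."""
        probs = sorted((self.token_probability(t) for t in tokenize(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[: self.top_n]
        if not probs:
            return 0.5
        # work in the log domain so long messages do not underflow to zero
        log_spam = sum(math.log(p) for p in probs)
        log_ham = sum(math.log(1.0 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


# Constructed training corpus (assumption; far too small for production use)
SPAM_SAMPLES = [
    "buy cheap viagra now",
    "cheap pills online free shipping",
    "free money win now click here",
    "win a free prize click now",
]
HAM_SAMPLES = [
    "meeting tomorrow at 10am about the quarterly report",
    "can you review the attached report before the meeting",
    "lunch tomorrow? let me know",
    "the quarterly figures are attached",
]


def build_demo_filter():
    f = BayesianFilter()
    for text in SPAM_SAMPLES:
        f.train(text, is_spam=True)
    for text in HAM_SAMPLES:
        f.train(text, is_spam=False)
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for text in ("free cheap pills click now", "quarterly report attached", "xyzzy plugh"):
        print(f"{f.score(text):.3f}  {text}")
```

A message made only of tokens the filter has never seen scores exactly 0.5, which is the point of the prior: the filter says nothing about mail unlike anything it was trained on, and that is where the quality and breadth of the training corpus decides the false positive and false negative rates.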

2. Databases:

Some anti-spam filters include databases of known spammers, open relays and spam emails. These databases have a variety of uses – from recognizing spam email, to recognizing other harmful content in emails such as links to malicious and phishing sites.

3. DNSBL:

DNSBL (DNS Blacklist) is a service offered by some organizations that provides a database of known spammers, open relays and zombies sending spam; the receiving server queries it by looking up the connecting host’s address, with its octets reversed, under the list’s DNS zone. Accuracy depends on the classification system used by the service provider. While they are generally quite good, these lists are sometimes accused of being too strict, for instance when whole dynamic-IP or shared-hosting ranges are listed, and thus causing some false positives.
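As an added example (not from the original post), the lookup a mail server performs against a DNSBL, together with the sanity check a practitioner should run before trusting a list. The zone name `dnsbl.example`, the canned responses and the meaning of the reason code `127.0.0.4` are constructed for this illustration; `resolve_a` shows the live variant using the system resolver, while the fake resolver keeps the example runnable offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: address labels reversed, under the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        label = ".".join(reversed(addr.exploded.split(".")))
    else:
        # IPv6 lists use the 32 nibbles of the expanded address, reversed
        label = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{label}.{zone}"


def resolve_a(name):
    """Resolve with the system resolver; None means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_check(ip, zone, resolver=resolve_a):
    """Return (listed, answer). Listings are A records inside 127.0.0.0/8; the
    low octet is a list-specific reason code, so consult the list's documentation."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return False, None
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # An answer outside 127/8 usually means a wildcard or a dead/expired zone;
        # treating it as a listing would block all inbound mail.
        return False, answer
    return True, answer


def dnsbl_sanity_check(zone, resolver=resolve_a):
    """RFC 5782: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A zone that fails this is broken or gone and must not be used for blocking."""
    listed_2, _ = dnsbl_check("127.0.0.2", zone, resolver)
    listed_1, _ = dnsbl_check("127.0.0.1", zone, resolver)
    return listed_2 and not listed_1


# Constructed, offline responses for a hypothetical zone (assumption; not a real list)
FAKE_ZONE = "dnsbl.example"
FAKE_RESPONSES = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",    # RFC 5782 test entry
    "4.113.0.203.dnsbl.example": "127.0.0.4",  # a listed host; code 4 is this fake list's "open relay"
}


def fake_resolver(name):
    return FAKE_RESPONSES.get(name)


if __name__ == "__main__":
    print("list alive:", dnsbl_sanity_check(FAKE_ZONE, fake_resolver))
    for ip in ("203.0.113.4", "198.51.100.7"):
        print(ip, dnsbl_check(ip, FAKE_ZONE, fake_resolver))
```

The sanity check matters operationally: lists that are shut down have, in the past, been changed to answer every query, and a filter that treats any answer as a listing then rejects all mail, which is a false positive rate of 100 percent.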

4. Email Analysis:

There are a number of ways to analyze an email and determine whether it is spam. Some software checks that the headers are crafted correctly, for example whether the address the message was actually delivered to appears in the To: or Cc: header it claims to be addressed to, and whether standard headers such as Date and Message-ID are present and well formed; other software looks for specific keywords. Accuracy varies, but you can expect keyword-based detection to have a higher than normal rate of false positives, since words such as “free” occur in plenty of legitimate mail.
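An added example (not from the original post) of both kinds of analysis on two constructed messages: a header consistency check that the SMTP envelope recipient appears in To:/Cc:, presence and format checks on Message-ID and Date, and a weighted keyword rule. The messages, the keyword weights and the threshold of 5.0 are assumptions chosen to show how a harmless order notice still picks up a score from the word “free”.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed samples (assumption): a phishing-style message and a legitimate order notice
PHISH_RAW = """From: "Account Team" <alerts@bank.example>
To: undisclosed-recipients:;
Subject: URGENT: verify your account now
Date: Tue, 01 Feb 2011 09:00:00 +0000

Click here to verify your account or it will be suspended.
"""

ORDER_RAW = """From: "Store" <orders@store.example>
To: alice@example.com
Message-ID: <20110201100000.1234@store.example>
Subject: Your order has shipped
Date: Tue, 01 Feb 2011 10:00:00 +0000

Your order ships free of charge and should arrive on Thursday.
"""

# Hypothetical keyword weights; "free" is included on purpose to show the false-positive risk
KEYWORD_SCORES = {"verify your account": 2.0, "click here": 1.0, "urgent": 1.0, "free": 0.5}
SPAM_THRESHOLD = 5.0  # assumption


def score_message(raw, envelope_rcpt):
    """Return (score, reasons) from header sanity checks plus keyword hits."""
    msg = message_from_string(raw)
    score, reasons = 0.0, []

    # 1. Header consistency: the address the message was delivered to (SMTP RCPT TO)
    #    should normally be named in To: or Cc:. Bulk spam often is not.
    visible = {addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if envelope_rcpt.lower() not in visible:
        score += 1.5
        reasons.append("envelope recipient not named in To/Cc")

    # 2. Standard headers present and well formed.
    if not msg.get("Message-ID"):
        score += 1.0
        reasons.append("missing Message-ID")
    try:
        parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        score += 1.0
        reasons.append("missing or malformed Date")

    # 3. Keyword matching over subject and body.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for phrase, weight in KEYWORD_SCORES.items():
        if phrase in text:
            score += weight
            reasons.append("keyword: " + phrase)
    return score, reasons


def is_spam(raw, envelope_rcpt, threshold=SPAM_THRESHOLD):
    return score_message(raw, envelope_rcpt)[0] >= threshold


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_RAW), ("order", ORDER_RAW)):
        print(name, score_message(raw, "alice@example.com"))
```

The keyword rule alone would push the order notice towards spam if its weights were higher, which is exactly the false positive problem the text warns about; header checks are cheaper and less ambiguous, so they should carry more of the score than keywords do.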

5. Greylisting:

Greylisting is a process whereby an email that arrives at your mail server from an unknown sender is initially rejected with a temporary (4xx) error. A legitimate mail server will retry after a delay, and on that retry the email is accepted. In many cases the software used by spammers will not try again if the first attempt fails. Provided the sending mail server is properly configured, the cost of this method is delivery delay rather than outright false positives, and there is a minor chance of false negatives should a spammer specifically cater for such scenarios. One practical caveat: large senders often retry from a different host in the same pool, so implementations usually key the greylist on the sending network (for example a /24) rather than the exact address, otherwise every retry looks like a new first attempt and mail from those senders is delayed indefinitely.
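The following is an added example (not from the original post) of the greylisting state machine: a triplet of client network, envelope sender and envelope recipient is temporarily rejected on first sight, accepted on a retry that arrives after a minimum delay and within a retry window, and then whitelisted for a while. The 5-minute minimum delay, 8-hour retry window, 35-day whitelist and the /24 (IPv4) and /64 (IPv6) keys are assumptions modelled on common defaults; the clock is injected so the scenario runs offline.

```python
import ipaddress
import time
from dataclasses import dataclass

TEMP_FAIL = "450 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Entry:
    first_seen: float
    last_seen: float
    passed: bool = False


class Greylister:
    """In-memory greylist keyed on (client network, sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=8 * 3600,
                 whitelist_ttl=35 * 86400, clock=time.time):
        self.min_delay = min_delay          # retries sooner than this are still refused
        self.retry_window = retry_window    # retries later than this count as a new first attempt
        self.whitelist_ttl = whitelist_ttl  # how long a passed triplet stays accepted
        self.clock = clock
        self.table = {}

    @staticmethod
    def _key(client_ip, sender, recipient):
        # Key on the network, not the host, so a sender pool retrying from another
        # address in the same block is still recognised as a retry.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient):
        """Return the SMTP response to give at RCPT TO time."""
        now = self.clock()
        key = self._key(client_ip, sender, recipient)
        entry = self.table.get(key)
        if entry is None:
            self.table[key] = Entry(now, now)
            return TEMP_FAIL
        if entry.passed:
            if now - entry.last_seen > self.whitelist_ttl:
                self.table[key] = Entry(now, now)  # whitelist expired: start over
                return TEMP_FAIL
            entry.last_seen = now
            return ACCEPT
        age = now - entry.first_seen
        if age < self.min_delay:
            return TEMP_FAIL
        if age > self.retry_window:
            self.table[key] = Entry(now, now)
            return TEMP_FAIL
        entry.passed = True
        entry.last_seen = now
        return ACCEPT


def demo_sequence():
    """Constructed scenario: a legitimate partner server and a fire-and-forget spam bot."""
    clock = [0.0]
    g = Greylister(clock=lambda: clock[0])
    attempts = [
        (0, "192.0.2.10", "bob@partner.example", "alice@example.com"),    # first contact
        (60, "192.0.2.10", "bob@partner.example", "alice@example.com"),   # retried too soon
        (420, "192.0.2.77", "bob@partner.example", "alice@example.com"),  # retry from another host in the /24
        (900, "192.0.2.10", "bob@partner.example", "alice@example.com"),  # triplet now whitelisted
        (950, "198.51.100.9", "x9z@spammer.example", "alice@example.com"),  # bot; it never retries
    ]
    out = []
    for t, ip, sender, rcpt in attempts:
        clock[0] = t
        out.append(g.check(ip, sender, rcpt))
    return out


if __name__ == "__main__":
    for response in demo_sequence():
        print(response)
```

Everything between the first and third attempt is pure delay for the legitimate sender, which is the real price of greylisting; the bot's single attempt at the end simply never comes back.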

6. Sender Policy Framework (SPF):

SPF works by having domain owners specify, in a DNS TXT record, which hosts are authorized to send email for their domain. If the host delivering the email is not an authorized source, the check fails (or soft-fails, depending on the record) and the receiving server can reject the message or score it as spam. This method can cause false positives when a legitimate user sends an email from an unauthorized location, such as a mobile phone that submits mail directly rather than through the organization’s outbound server, and when mail is forwarded, since the forwarding host is not in the original domain’s record.
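An added example (not from the original post) of how a receiving server evaluates SPF: a simplified evaluator for the `ip4`, `ip6`, `a`, `mx`, `include` and `all` mechanisms with the `+`, `-`, `~` and `?` qualifiers, run against constructed DNS data for hypothetical domains. The records, addresses and domain names are assumptions; `exists`, `ptr`, macros and `redirect=` are deliberately not implemented and yield `permerror`, and the constructed `10.0.0.5` case is the “user sending from an unauthorized location” false positive the text describes.

```python
import ipaddress

# Constructed DNS zone data for hypothetical domains (assumption: nothing is queried live)
DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailprovider.example -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("_spf.mailprovider.example", "TXT"): ["v=spf1 ip4:203.0.113.0/26 ~all"],
    ("softfail.example", "TXT"): ["v=spf1 a ~all"],
    ("softfail.example", "A"): ["198.51.100.80"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, dns=DNS):
    return dns.get((name.lower(), rtype), [])


def check_spf(ip, domain, dns=DNS, _budget=None):
    """Evaluate the SPF record of `domain` for the connecting address `ip`.

    Returns one of the RFC 7208 result names: pass, fail, softfail, neutral,
    none, permerror."""
    if _budget is None:
        _budget = [10]  # RFC 7208 caps DNS-querying mechanisms at 10 per evaluation
    records = [r for r in lookup(domain, "TXT", dns)
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # two SPF records is an error, not "pick either"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                # an IPv6 client never matches an ip4 network, and vice versa
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech in ("a", "mx", "include"):
            _budget[0] -= 1
            if _budget[0] < 0:
                return "permerror"
            target = arg or domain
            if mech == "a":
                matched = str(addr) in lookup(target, "A", dns)
            elif mech == "mx":
                matched = any(str(addr) in lookup(mx, "A", dns)
                              for mx in lookup(target, "MX", dns))
            else:
                sub = check_spf(ip, target, dns, _budget)
                if sub == "permerror":
                    return "permerror"
                matched = sub == "pass"  # include: only a pass of the included record matches
        else:
            return "permerror"  # exists:, ptr, macros, redirect= are not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without an "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.5", "10.0.0.5"):
        print(ip, "example.com ->", check_spf(ip, "example.com"))
```

Note the split between the two `all` qualifiers: the provider's `~all` inside the `include` only produces a softfail for the provider's own record, which does not count as a match, so evaluation falls through to the outer `-all` and the message from the unlisted address fails hard. That is what a policy of `-all` means operationally: anyone you forgot to list, including the user on a mobile network, is rejected outright.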

Knowing what the major spam detection mechanisms are, and to what extent each may create false positives, will help you make an informed decision on how to choose and configure an anti-spam filtering solution.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on what your anti-spam filter should include.

Disclaimer: All product and company names herein may be trademarks of their respective owners.